I think the main reason that we would want to do this is so that a call could be made on the backend without needing to actually redirect the user -- an example of this would be:
- User logs into web application
- Web application contacts webservice
- Webservice contacts 3rd-party CASified webservice with generic credentials
- 3rd-party webservice returns information to webservice
- Webservice returns it to webapp
- User sees information and smiles (this is very good information)

The whole issue exists because we would like to contact our document storage software's API, but can't do it from the serverside without first getting through CAS. While I definitely agree that Shiro is a great choice for authorization, what we're saying is that EVERY call be made to this software as something like "Document_Storage_API_User" (as an AD user) and passed through CAS (which is hooked into AD).
